-
Notifications
You must be signed in to change notification settings - Fork 217
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
9207 fake bank #9402
9207 fake bank #9402
Conversation
Deploying agoric-sdk with Cloudflare Pages
|
2cc5bbb
to
14f700a
Compare
@@ -882,25 +881,27 @@ export function buildRootObject(_vatPowers, _args, baggage) { | |||
'denomToAddressUpdater', | |||
); | |||
|
|||
/** @param {ERef<import('./types.js').ScopedBridgeManager<'bank'>>} [bankBridgeMgr] */ | |||
async function getBankChannel(bankBridgeMgr) { | |||
async function getBankChannel() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this change mean vat-bank
needs to be upgraded with the next release?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a refactor that shouldn't affect the behavior. @michaelfig WDYT, should I revert?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't looked carefully, but if the only call to getBankChannel
is on line 903-904, I'm okay with the refactor.
packages/vats/src/virtual-purse.js
Outdated
retain: M.callWhen(PaymentShape).optional(amountShape).returns(amountShape), | ||
retain: M.callWhen(PaymentShape) | ||
.optional(AmountShapeShape) | ||
.returns(amountShape), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Upgrade Consideration: That's a change to vat-bank. Are we planning to upgrade it?
If not, we might have to work around this instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dunno but it's a bug in the interface guard. Working around it means never using that parameter.
If you're proposing to remove the parameter rather than fixing it (so nobody using a thing that will break in production) I can get behind that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since all amounts are keys, and all keys are patterns, anything that passes the old incorrect amountShape
guard (when that is the same as AmountShape
) will pass either the new M.pattern()
or AmountShapeShape
guard, so this seems like a compatible change. It only turns correct-but-rejected arguments into correctly-accepted arguments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, upgrading this in production won't break any code that had managed to run in production before.
My remaining concern is that if we make this fix and don't ship it for a while then in the meantime people may right code that works in dev but will fail when they get to the production chain (or test in a3p). I'll take any changes out fo this PR and leave it for #9407
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...people may right code that works in dev but will fail when they get to the production chain...
yes. that's exactly the upgrade consideration that I have in mind.
I'm proposing that until we have plans to deploy this fix, we don't put any code that depends on it into stuff that we plan to deploy.
If you're proposing to remove the parameter rather than fixing it ...
I hadn't considered that. And I don't advocate it now (though I suppose I wouldn't object to it).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See #9410
packages/vats/src/virtual-purse.js
Outdated
@@ -50,7 +51,9 @@ export const makeVirtualPurseKitIKit = ( | |||
}); | |||
|
|||
const RetainRedeemI = M.interface('RetainRedeem', { | |||
retain: M.callWhen(PaymentShape).optional(amountShape).returns(amountShape), | |||
retain: M.callWhen(PaymentShape) | |||
.optional(AmountShapeShape) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original here is definitely a bug. But why not change to
.optional(AmountShapeShape) | |
.optional(M.pattern()) |
?
It would be more consistent with the existing ERTP guards.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you want to abstract this by having ERTP
export AmountShapeShape = M.pattern();
in order to encapsulate that representation decision, that would be fine. But in that case, we should also fix the deposit
, receive
and burn
guards to use the clearer name as well, for consistency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do like having the named shape there, and do the same for the methods for consistency.
But why define AmountShapeShape
as simply M.pattern()
? Isn't this more accurate and helpful?
/** For parameters that are themselves an AmountShape pattern. */
export const AmountShapeShape = harden({
brand: M.pattern(),
value: M.pattern(),
});
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this more accurate and helpful?
It is more precise, in that it admits fewer patterns as valid. But the existing guards in ERTP already admit, for example, M.any()
and an optAmountShape
argument, which this more precise pattern would reject. So I'd say it is less accurate and helpful because it is overly precise. Were we to make this change consistently, some (hypothetical?) programs that are currently correct would start failing.
See #9410
packages/vats/src/virtual-purse.js
Outdated
retain: M.callWhen(PaymentShape).optional(amountShape).returns(amountShape), | ||
retain: M.callWhen(PaymentShape) | ||
.optional(AmountShapeShape) | ||
.returns(amountShape), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since all amounts are keys, and all keys are patterns, anything that passes the old incorrect amountShape
guard (when that is the same as AmountShape
) will pass either the new M.pattern()
or AmountShapeShape
guard, so this seems like a compatible change. It only turns correct-but-rejected arguments into correctly-accepted arguments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. A lot of forward progress!
closes: XXX refs: #9402 (comment) #9402 (comment) #9407 ## Description #9407 explains that sometimes we used a `.optional(AmountShape)` guard to describe an `optAmountShape` argument. #9402 (comment) #9402 (comment) discussed ways to fix this that were ultimately omitted from #9402 . This PR provides a form of the fix discussed in those comments. Three remaining controversies I'd like my reviewers to comment on: - Whether the name of the exported pattern should be `AmountShapeShape` or `AmountPatternShape`. See my doc-comment on `AmountPatternShape` for my weak reasoning about why I chose this name. - If we do go with `AmountPatternShape` for the stated reasons, should the corresponding parameter variables be changed from `optAmountShape` to `optAmountPattern`. - Whatever the name of the exported pattern, should it be defined as - `M.pattern()` - `harden({ brand: M.pattern(), value: M.pattern() })` - `harden({ brand: BrandShape, value: M.pattern() })` - something else ### Security Considerations For almost all of the choices of resolving the above controversies, this PR remains a pure bug fix. All correct code that used to work will continue working the same way, and some correct code that used to incorrectly fail due to this bug will now start working correctly. The exception would be if we both accepting the renaming of some existing occurrences of `M.pattern()` to `AmountPatternShape`/`AmountShapeShape`, and define this name as a pattern narrower than `M.pattern()`. In that case, existing (hypothetical) code that, for example, used `M.any()` in such an argument position would start failing. ### Scaling Considerations None ### Documentation Considerations None ### Testing Considerations #9407 mentions how to reproduce the bug it reports. This PR should add that as a test, to verify that this PR fixes that bug. ### Upgrade Considerations #9402 (comment) and #9402 (comment) explain the upgrade concern that was likely the cause for omitting this fix from #9042
closes: XXX refs: #9402 (comment) #9402 (comment) #9407 ## Description #9407 explains that sometimes we used a `.optional(AmountShape)` guard to describe an `optAmountShape` argument. #9402 (comment) #9402 (comment) discussed ways to fix this that were ultimately omitted from #9402 . This PR provides a form of the fix discussed in those comments. Three remaining controversies I'd like my reviewers to comment on: - Whether the name of the exported pattern should be `AmountShapeShape` or `AmountPatternShape`. See my doc-comment on `AmountPatternShape` for my weak reasoning about why I chose this name. - If we do go with `AmountPatternShape` for the stated reasons, should the corresponding parameter variables be changed from `optAmountShape` to `optAmountPattern`. - Whatever the name of the exported pattern, should it be defined as - `M.pattern()` - `harden({ brand: M.pattern(), value: M.pattern() })` - `harden({ brand: BrandShape, value: M.pattern() })` - something else ### Security Considerations For almost all of the choices of resolving the above controversies, this PR remains a pure bug fix. All correct code that used to work will continue working the same way, and some correct code that used to incorrectly fail due to this bug will now start working correctly. The exception would be if we both accepting the renaming of some existing occurrences of `M.pattern()` to `AmountPatternShape`/`AmountShapeShape`, and define this name as a pattern narrower than `M.pattern()`. In that case, existing (hypothetical) code that, for example, used `M.any()` in such an argument position would start failing. ### Scaling Considerations None ### Documentation Considerations None ### Testing Considerations #9407 mentions how to reproduce the bug it reports. This PR should add that as a test, to verify that this PR fixes that bug. ### Upgrade Considerations #9402 (comment) and #9402 (comment) explain the upgrade concern that was likely the cause for omitting this fix from #9042
refs: #9207
Description
Working balances through
makeFakeBankBridge
.Security Considerations
none, test code
Scaling Considerations
none, test code
Documentation Considerations
Contract devs may want to use these utilities eventually. I think they're too early to document yet.
Testing Considerations
per se
Upgrade Considerations
none, test code